but it is generally run from a dedicated box in between you and the Internet, it can be a very old box however
basically a glorified router

possible locations as passive detection

http://i5.tinypic.com/4gpfpc4.gif
not prevention where it drops packets determined to be attacks,
it is possible to build an all in one router\firewall\active packet dropping IDS
out of almost any computer and a few NICs (network interface cards)
older computers are actually probably a better solution, requiring less power and producing less heat
many Pentium 2 computers have been transformed into advanced hybrid DIY routers

KAV/KIS has IDS, also version 5 of KAV had it as network protection or something like that, according to help archive of KIS:

The Intrusion Detection System (IDS) provides additional security on the network level. The goal of the system is to analyze inbound connections, detect port scans on your computer, and filter network packets aimed at exploiting software vulnerabilities. When running, the Intrusion Detection System blocks all inbound connections from an attacking computer for a certain amount of time, and the user receives a message stating that his computer underwent an attempted network attack.
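
The behaviour described in the help text quoted above (detect a port scan, block all inbound connections from that source for a period, notify the user) can be sketched as follows. This is an added example, not Kaspersky's code and not part of the original posts; the thresholds, the `ScanBlocker` name and the sample traffic are assumptions.

```python
from collections import defaultdict, deque

# All thresholds are assumed values for illustration, not Kaspersky's.
SCAN_PORTS = 10     # this many distinct destination ports...
WINDOW = 5.0        # ...within this many seconds is treated as a port scan
BLOCK_SECS = 60.0   # how long the scanning source stays blocked


class ScanBlocker:
    def __init__(self):
        self.recent = defaultdict(deque)  # src -> deque of (time, dst port)
        self.blocked_until = {}           # src -> time the block expires
        self.alerts = []                  # (time, src) notices for the user

    def handle(self, ts, src, dport):
        """Decide 'allow' or 'drop' for one inbound connection attempt."""
        if self.blocked_until.get(src, 0.0) > ts:
            return "drop"                 # source is still inside its block
        self.blocked_until.pop(src, None)  # block (if any) has expired
        q = self.recent[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > WINDOW:  # forget attempts outside the window
            q.popleft()
        if len({port for _, port in q}) >= SCAN_PORTS:
            self.blocked_until[src] = ts + BLOCK_SECS
            self.alerts.append((ts, src))
            q.clear()
            return "drop"
        return "allow"


def run(events):
    """Feed time-ordered (ts, src, dport) events; return decisions and state."""
    ids = ScanBlocker()
    return [ids.handle(*e) for e in events], ids


# Constructed sample traffic using documentation address ranges.
SAMPLE = sorted(
    [(i / 10, "203.0.113.7", 20 + i) for i in range(12)]        # port sweep
    + [(0.5, "198.51.100.4", 443), (0.6, "198.51.100.4", 443)]  # normal client
    + [(30.0, "203.0.113.7", 80)]                                # during block
    + [(70.0, "203.0.113.7", 80)]                                # after expiry
)

if __name__ == "__main__":
    decisions, ids = run(SAMPLE)
    for event, decision in zip(SAMPLE, decisions):
        print(event, decision)
    print("alerts:", ids.alerts)
```

A repeated connection to one port never trips the detector because only distinct ports are counted, and the block lapses on its own once `BLOCK_SECS` has passed.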